Ask HN: Why can't I apply custom fonts to HN?

4 pointsposted 13 hours ago
by -__-

Item id: 46748659

3 Comments

efortis

13 hours ago

Since this works

  const style = document.createElement('style')
  style.textContent = `* { font-family: Arial }`
  document.head.appendChild(style)
I'd say the `data:` URL of the font is violating the Content-Security-Policy, which should show an error in the Console.

Their CSP has `default-src 'self'` and has no font-src, so font-src is 'self' too (it would need `data:` as well)

lupire

11 hours ago

A custom browser can set its own CSP, right?

bangaladore

10 hours ago

CSP is inherently a client-side browser security feature, so yes.